limewireextreme (SOLVED)

Closed
TTdelarocha
Posts: 2
Joined: 14 Feb 2008, 10:16


Post by TTdelarocha » 14 Feb 2008, 10:35

Hello everyone,

My computer has been having problems for a few days. The Firefox browser keeps connecting to the limewireextreme page.

I have already seen on this forum that other users have had similar problems, so following earlier recommendations I installed CCleaner, ComboFix and SUPERAntiSpyware and ran them following the instructions. I also ran Ad-Aware and Spybot Search & Destroy, but with no better results.

I am including the HijackThis log, the Panda TotalScan Online log and the ComboFix log.

So far I have not been able to fix anything.

I would be very grateful for any help you could give me.

Many thanks.

Regards



Alfonso



[b]Panda TotalScan log[/b]
[quote];***********************************************************************************************************************************************************************************

ANALYSIS: 2008-02-12 19:14:21

PROTECTIONS: 1

MALWARE: 9

SUSPECTS: 0

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

AVG 7.5.516 7.5.516 Yes Yes

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\q9fsbscz.default\COOKIES.TXT[.adultfriendfinder.com/]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\q9fsbscz.default\COOKIES.TXT[.adultfriendfinder.com/]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\q9fsbscz.default\COOKIES.TXT[.adultfriendfinder.com/]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\q9fsbscz.default\COOKIES.TXT[.adultfriendfinder.com/]

00294876 Adware/SaveNow Adware No 0 Yes No C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP61\A0023710.DLL

00328084 Adware/SaveNow Adware No 0 Yes No C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP63\A0024071.DLL

00529681 Adware/WhenUSearch Adware No 0 Yes No C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP63\A0024072.EXE

01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Tete\Desktop\Mozilla Downloads\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]

01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Tete\Desktop\Mozilla Downloads\ComboFix.exe[327882R2FWJFW\nircmd.com]

01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Tete\Desktop\Mozilla Downloads\ComboFix(2).exe[327882R2FWJFW\nircmd.cfexe]

01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Tete\Local Settings\Application Data\Mozilla\Firefox\Profiles\avbdaoii.default\Cache\FA4CCC3Fd01[327882R2FWJFW\nircmd.cfexe]

01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Tete\Local Settings\Application Data\Mozilla\Firefox\Profiles\avbdaoii.default\Cache\FA4CCC3Fd01[327882R2FWJFW\nircmd.com]

01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Tete\Desktop\Mozilla Downloads\ComboFix(2).exe[327882R2FWJFW\nircmd.com]

01269187 Application/Winantivirus2006 HackTools No 0 Yes No C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP62\A0023795.DLL

02684897 Application/AVSystemCare HackTools No 0 Yes No C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP62\A0024010.EXE

02889429 Application/TheSpyGuard HackTools No 0 Yes No C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP62\A0023813.EXE

02896681 Application/TheSpyGuard HackTools No 0 Yes No C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP62\A0023820.OLD

;===================================================================================================================================================================================

SUSPECTS

Location

;===================================================================================================================================================================================

;=============================================[/quote]


[b]ComboFix:[/b]


[quote][quote]ComboFix 08-02-12.1 - Tete 2008-02-12 23:02:56.1 - [color=red][b]FAT32[/b][/color]x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.525 [GMT 1:00]

Running from: C:\Documents and Settings\Tete\Desktop\Mozilla Downloads\ComboFix.exe

* Created a new restore point



[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

.

[color=purple]The following files were disabled during the run:[/color]

C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll





((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.



C:\Documents and Settings\Tete\ResErrors.log

C:\SpyGuardPro

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\lsprst7.dll

C:\WINDOWS\system32\msvcsv60.dll

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\ssprs.dll

C:\WINDOWS\system32\wpcap.dll



.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))



.

-------\NPF





((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))

.



2008-02-12 23:01 . 2008-02-12 23:01 <DIR> d-------- C:\Program Files\Trend Micro

2008-02-12 19:18 . 2008-02-12 19:23 212 --a------ C:\delete.bat

2008-02-12 15:49 . 2008-02-12 15:49 <DIR> d-------- C:\Program Files\Panda Security

2008-02-12 02:04 . 2008-02-12 22:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-12 02:04 . 2008-02-12 02:04 1,409 --a------ C:\WINDOWS\QTFont.for

2008-02-11 23:20 . 2008-02-11 23:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-02-11 23:20 . 2008-02-11 23:20 <DIR> d-------- C:\Documents and Settings\Tete\Application Data\SUPERAntiSpyware.com

2008-02-11 23:20 . 2008-02-11 23:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-02-11 23:06 . 2008-02-11 23:06 <DIR> d-------- C:\Program Files\CCleaner

2008-02-09 00:32 . 2008-02-09 00:09 625,462 --a------ C:\WINDOWS\system32\ptlg.exe

2008-02-09 00:06 . 2008-02-09 00:06 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-02-08 23:44 . 2008-02-08 23:44 <DIR> d-------- C:\Program Files\mpegable

2008-02-08 23:44 . 2008-02-08 23:44 47,104 --------- C:\WINDOWS\AKDeInstall.exe

2008-02-08 23:43 . 2008-02-08 23:43 <DIR> d-------- C:\Program Files\MovieTransformer

2008-02-08 18:50 . 2008-02-08 18:50 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2008-02-08 14:33 . 2008-02-08 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-02-08 13:56 . 2008-02-08 13:56 <DIR> d-------- C:\Documents and Settings\Tete\.DownloadManager

2008-02-08 01:34 . 2008-02-08 01:34 107 --a------ C:\WINDOWS\VobEdit.INI

2008-02-06 16:46 . 2008-02-06 16:46 463,598 --a------ C:\WINDOWS\AdobeFnt.lst

2008-02-06 03:25 . 2008-02-06 03:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\PDFcreator

2008-02-04 11:44 . 2008-02-04 11:44 <DIR> dr-h----- C:\$VAULT$.AVG

2008-02-02 14:16 . 2008-02-02 14:16 <DIR> d-------- C:\Program Files\IMSI

2008-02-02 13:54 . 2008-02-02 13:54 <DIR> d-------- C:\WINDOWS\system32\GAiN LOGs

2008-02-02 13:54 . 2008-02-02 13:54 <DIR> d-------- C:\Program Files\Sonalksis

2008-02-02 13:53 . 2008-02-02 13:53 <DIR> d-------- C:\Documents and Settings\Tete\Application Data\Waves Preferences

2008-02-02 13:52 . 2008-02-02 13:52 <DIR> d-------- C:\Program Files\PSPaudioware

2008-02-02 13:51 . 2008-02-02 13:51 6,365,184 --a------ C:\WINDOWS\system32\PSP VintageWarmer2.dll

2008-02-02 13:41 . 2008-02-02 13:43 85,240 --a------ C:\WINDOWS\_084B21D.TTF

2008-02-02 13:41 . 2008-02-02 13:43 83,228 --a------ C:\WINDOWS\_8364E14.TTF

2008-02-02 13:41 . 2008-02-02 13:43 79,672 --a------ C:\WINDOWS\_850F2BD.TTF

2008-02-02 13:39 . 2008-02-02 13:39 <DIR> d-------- C:\PVIVA

2008-02-02 13:39 . 1993-11-18 23:00 49,616 --a------ C:\WINDOWS\system\MSACM.DLL

2008-02-02 13:39 . 1993-11-18 23:00 22,816 --a------ C:\WINDOWS\system\MSACM.DRV

2008-02-02 13:39 . 1994-09-01 23:00 17,936 --a------ C:\WINDOWS\system\IMAADPCM.ACM

2008-02-02 13:39 . 1993-11-18 23:00 16,548 --a------ C:\WINDOWS\system\MAP_WIN.HLP

2008-02-02 13:39 . 1993-11-18 23:00 15,104 --a------ C:\WINDOWS\system\MSADPCM.ACM

2008-02-02 13:39 . 2008-02-02 13:41 233 --a------ C:\WINDOWS\mtb40.ini

2008-02-02 13:39 . 2008-02-02 13:39 111 --a------ C:\WINDOWS\asym.ini

2008-02-02 01:44 . 2008-02-02 01:44 <DIR> d-------- C:\Documents and Settings\Tete\Application Data\Azureus

2008-02-02 01:44 . 2008-02-02 01:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus

2008-02-01 19:40 . 2008-02-01 19:40 <DIR> d-------- C:\Program Files\DUE

2008-02-01 16:39 . 2008-02-01 16:39 <DIR> d-------- C:\Program Files\BSELF

2008-01-31 23:10 . 2008-01-31 23:10 <DIR> d-------- C:\Program Files\Waves

2008-01-31 19:54 . 2008-01-31 19:54 <DIR> d-------- C:\Program Files\Syncrosoft

2008-01-31 19:54 . 2005-11-08 20:02 708,608 --a------ C:\WINDOWS\system32\SYNSOACC.dll

2008-01-31 19:54 . 2005-11-08 11:20 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll

2008-01-31 19:54 . 2003-07-31 19:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm

2008-01-31 19:54 . 2003-05-26 14:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm

2008-01-31 19:54 . 2003-05-26 14:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm

2008-01-31 19:54 . 2005-11-03 17:14 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe

2008-01-31 19:54 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys

2008-01-31 19:54 . 2005-11-03 12:17 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys

2008-01-31 19:51 . 2008-01-31 19:51 <DIR> d-------- C:\Program Files\Sonnox

2008-01-31 19:47 . 2008-01-31 19:47 <DIR> d-------- C:\WINDOWS\Uninstall

2008-01-31 19:47 . 2008-01-31 19:47 685,913 --a------ C:\WINDOWS\Uninstall\unins000.exe

2008-01-31 19:47 . 2008-01-31 19:47 1,379 --a------ C:\WINDOWS\Uninstall\unins000.dat

2008-01-31 19:47 . 2008-01-31 19:47 45 --a------ C:\WINDOWS\Internet shortcut.url

2008-01-31 16:28 . 2008-01-31 16:28 <DIR> d-------- C:\Program Files\Common Files\Native Instruments

2008-01-31 16:20 . 2008-01-31 16:20 <DIR> d-------- C:\Program Files\iZotope

2008-01-31 16:05 . 2008-01-31 16:05 <DIR> d-------- C:\Program Files\IK Multimedia

2008-01-31 16:05 . 2008-01-31 16:18 16 --a------ C:\WINDOWS\system32\w3data.vss

2008-01-31 16:05 . 2008-01-31 16:18 16 --a------ C:\WINDOWS\msocreg32.dat

2008-01-31 15:04 . 2008-01-31 15:04 <DIR> d-------- C:\Program Files\GForce

2008-01-31 15:04 . 1999-12-17 11:13 86,016 --a------ C:\WINDOWS\unvise32.exe

2008-01-31 11:07 . 2008-01-31 11:07 <DIR> d-------- C:\Program Files\Antares Audio Technologies

2008-01-31 11:03 . 2003-07-06 09:10 17,408 --------- C:\WINDOWS\system32\minimp3.exe

2008-01-31 10:58 . 2008-01-31 10:58 <DIR> d-------- C:\Program Files\Waveshells

2008-01-31 10:58 . 2008-01-31 10:58 <DIR> d-------- C:\Program Files\Plug-Ins

2008-01-31 10:58 . 2008-01-31 10:58 <DIR> d-------- C:\Program Files\DX Utilities

2008-01-31 10:58 . 2008-01-31 10:58 <DIR> d-------- C:\Program Files\AiR LOGS

2008-01-31 10:58 . 2008-01-31 10:58 <DIR> d-------- C:\Documents and Settings\Tete\Application Data\Waves Audio

2008-01-30 19:22 . 2008-01-30 19:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-01-30 16:56 . 2008-02-05 23:08 87,376 --a------ C:\Documents and Settings\Tete\Application Data\GDIPFONTCACHEV1.DAT

2008-01-30 15:18 . 2008-01-30 15:18 <DIR> d-------- C:\Program Files\AnswerWorks 4.0

2008-01-30 15:16 . 2008-01-30 15:16 <DIR> d-------- C:\Program Files\AutoCAD 2007

2008-01-30 15:16 . 2008-01-30 15:16 <DIR> d-------- C:\Documents and Settings\Tete\Application Data\Autodesk

2008-01-30 15:16 . 2008-01-30 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk

2008-01-30 15:14 . 2008-01-30 15:14 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared

2008-01-30 15:14 . 2008-01-30 15:14 <DIR> d-------- C:\Program Files\Autodesk

2008-01-30 03:35 . 2008-01-30 03:35 <DIR> d-------- C:\Program Files\Vintage Amp Room

2008-01-30 03:35 . 2008-01-30 03:35 <DIR> d-------- C:\Program Files\Studio Devil

2008-01-30 03:24 . 2003-09-04 10:02 311,295 --a------ C:\WINDOWS\LOOP.exe

2008-01-30 01:37 . 2008-01-30 01:37 <DIR> d-------- C:\Program Files\Common Files\KORG

2008-01-30 01:36 . 2008-01-30 01:36 <DIR> d-------- C:\Program Files\KORG

2008-01-30 01:28 . 2008-01-30 01:28 <DIR> d-------- C:\Program Files\SigmaPlot

2008-01-30 01:28 . 2008-01-30 01:28 17 --a------ C:\WINDOWS\msiexec.ini

2008-01-30 01:27 . 2008-01-30 01:27 <DIR> d-------- C:\Program Files\Downloaded Installations

2008-01-30 00:20 . 2008-01-30 00:21 <DIR> d-------- C:\WINDOWS\system32\COLOR

2008-01-30 00:20 . 1997-08-26 10:15 298,496 --a------ C:\WINDOWS\unin040a.exe

2008-01-29 22:51 . 2008-01-29 22:51 <DIR> d-------- C:\Documents and Settings\Tete\Application Data\Publish Providers

2008-01-29 22:51 . 2008-01-29 22:51 <DIR> d-------- C:\Documents and Settings\Tete\Application Data\Cycling '74

2008-01-29 22:50 . 2008-01-29 22:50 <DIR> d-------- C:\Documents and Settings\Tete\Application Data\Sony

2008-01-29 22:49 . 2008-01-29 22:49 <DIR> d-------- C:\Program Files\Sony

2008-01-29 12:26 . 2008-01-29 12:26 <DIR> d-------- C:\Documents and Settings\Tete\Application Data\Applied Acoustics Systems

2008-01-29 12:11 . 2008-01-29 12:11 2,291,734 --a------ C:\WINDOWS\system32\TmpA233211453

2008-01-29 12:09 . 2005-10-18 17:20 71,168 --a------ C:\WINDOWS\system32\drivers\ni_usb.sys

2008-01-29 12:09 . 2005-10-18 17:20 23,168 --a------ C:\WINDOWS\system32\drivers\NiBoot.sys

2008-01-29 12:09 . 2005-10-18 17:20 22,016 --a------ C:\WINDOWS\system32\drivers\ni_avs.sys

2008-01-29 11:55 . 2008-01-29 11:55 <DIR> d-------- C:\Program Files\Antares

2008-01-29 11:46 . 2008-01-29 11:46 <DIR> d-------- C:\Program Files\Nomad Factory



.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-12-08 23:32 87,040 ----a-w C:\WINDOWS\system32\ra32sipr.dll

2007-12-08 23:32 85,504 ----a-w C:\WINDOWS\system32\encdnet.dll

2007-12-08 23:32 81,920 ----a-w C:\WINDOWS\system32\ra3214_4.dll

2007-12-08 23:32 72,704 ----a-w C:\WINDOWS\system32\ra3228_8.dll

2007-12-08 23:32 61,952 ----a-w C:\WINDOWS\system32\decdnet.dll

2007-12-08 23:32 487,936 ----a-w C:\WINDOWS\system32\rmbe3260.dll

2007-12-08 23:32 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll

2007-12-08 23:32 352,768 ----a-w C:\WINDOWS\system32\pngu3263.dll

2007-12-08 23:32 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll

2007-12-08 23:32 21,504 ----a-w C:\WINDOWS\system32\ra32dnet.dll

2007-12-08 23:32 131,072 ----a-w C:\WINDOWS\system32\pneng50.dll

2007-12-08 23:32 130,560 ----a-w C:\WINDOWS\system32\pnc3250.dll

2006-08-13 20:16 25,214 ----a-w C:\Program Files\WavesIcon.ico

2006-08-13 20:16 191 ----a-w C:\Program Files\Waves Home Page.html

2006-08-13 20:16 16,319 ----a-w C:\Program Files\Readme for Waves SSL 4000 Collection 1.2.htm

2006-08-13 20:16 12,213 ----a-w C:\Program Files\Readme for Waves SSL 4000 Collection 1.1.htm

.



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{238D3403-0761-4B4D-851C-050A3A0AC40A}

{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{47833539-D0C5-4125-9FA8-0819E2EAAC93}



[HKEY_CLASSES_ROOT\clsid\{238d3403-0761-4b4d-851c-050a3a0ac40a}]



[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{238D3403-0761-4B4D-851C-050A3A0AC40A}"= C:\Program Files\Trailfire\trailfireToolbar-1.1.11748.dll [2007-06-07 10:46 235072]



[HKEY_CLASSES_ROOT\clsid\{238d3403-0761-4b4d-851c-050a3a0ac40a}]



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 15:57 5308416]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" []

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-22 10:45 579072]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]



[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-21 14:48 219136]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"GreyMSIAds"= 1 (0x1)



[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll



R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]

R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 16:54]

R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]

R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]

R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

R2 ptlg;ptlg;C:\WINDOWS\system32\ptlg.exe [2008-02-09 00:09]

R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]

S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 12:50]



.

Contents of the 'Scheduled Tasks' folder

"2008-02-08 16:28:44 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe

"2008-02-06 18:02:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************



catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-12 23:07:57

Windows 5.1.2600 Service Pack 2 FAT NTAPI



scanning hidden processes ...



scanning hidden autostart entries ...



scanning hidden files ...



scan completed successfully

hidden files: 0



**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------



PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll



PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll



PROCESS: C:\WINDOWS\system32\csrss.exe

-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Acer\eManager\anbmServ.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\wdfmgr.exe

.

**************************************************************************

.

Completion time: 2008-02-12 23:10:00 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-12 22:09:58

.

2008-02-04 11:02:47 --- E O F ---
[/quote]




[b]HijackThis log:[/b]





[quote]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:01:38, on 12/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\ptlg.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\Acer\eRecovery\Monitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uniovi.es/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liepie.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Trailfire Helper Object - {238D3404-0761-4B4D-851C-050A3A0AC40A} - C:\Program Files\Trailfire\trailfireToolbar-1.1.11748.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll

O3 - Toolbar: Trailfire Toolbar - {238D3403-0761-4B4D-851C-050A3A0AC40A} - C:\Program Files\Trailfire\trailfireToolbar-1.1.11748.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200995758140

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ptlg - Unknown owner - C:\WINDOWS\system32\ptlg.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe



--

End of file - 9520 bytes


[/quote]
[/quote]

maura63
Posts: 6865
Joined: 09 Mar 2004, 20:42
Location: Cádiz, SPAIN

Post by maura63 » 14 Feb 2008, 11:25

Remove this entry with HijackThis:



O23 - Service: ptlg - Unknown owner - C:\WINDOWS\system32\ptlg.exe



Regards

maura63
Before asking - Basic Rules - Private Messages - Repeating Topics - Continuing Topics - Topic Titles - Online Antivirus

Whoever asks a question fears looking ignorant for five minutes. Whoever does not ask stays ignorant for life. (Ortega y Gasset)
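The check maura63 is making by eye above, written out as an added example that is not part of the original thread and not a zonavirus tool: a small Python triage script that parses HijackThis O23 service lines and the ComboFix "Files Created" listing, then ranks services by how many warning signs they combine. The sample lines are copied from the logs in the first post and trimmed to a few entries; the 30-day window, the scan timestamp taken from the HijackThis header and the scoring rules are assumptions made for illustration.

```python
"""Triage helper: cross-reference HijackThis O23 service entries with the
ComboFix "Files Created" listing and rank the services worth a closer look.

Added example for this thread; not a zonavirus utility.  Sample lines are
copied from the logs posted above (trimmed); the 30-day window and the
scoring rules are assumptions for illustration.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: four O23 lines taken verbatim from the HijackThis log above.
HJT_SAMPLE = r"""
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ptlg - Unknown owner - C:\WINDOWS\system32\ptlg.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
"""

# Constructed sample: three "Files Created" lines from the ComboFix log above.
# Column order in that section: created . last-written size attributes path.
COMBOFIX_SAMPLE = r"""
2008-02-12 23:01 . 2008-02-12 23:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-09 00:32 . 2008-02-09 00:09 625,462 --a------ C:\WINDOWS\system32\ptlg.exe
2008-01-31 19:54 . 2005-11-03 17:14 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
"""

# HijackThis saved its scan at 23:01 on 12/02/2008 (from the log header).
SCAN_TIME = datetime(2008, 2, 12, 23, 1)
SYSTEM32 = "\\windows\\system32\\"   # compared against lower-cased paths

O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$"
)
CF_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<written>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>[A-Za-z]:\\.*)$"
)


def parse_hjt_services(text):
    """One dict per O23 line: service name, owner (the publisher string
    HijackThis read from the binary's version info) and binary path."""
    services = []
    for line in text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            services.append(m.groupdict())
    return services


def parse_combofix_created(text):
    """Map lower-cased path -> creation timestamp for every file (directories
    are skipped) in a ComboFix 'Files Created' section."""
    created = {}
    for line in text.splitlines():
        m = CF_RE.match(line.strip())
        if m and m.group("size") != "<DIR>":
            created[m.group("path").lower()] = datetime.strptime(
                m.group("created"), "%Y-%m-%d %H:%M")
    return created


def assess(svc, created_index, scan_time, window=timedelta(days=30)):
    """Collect the reasons a service deserves a second look.  Each rule is
    weak alone (WinPcap's rpcapd also carries no owner string); it is the
    combination that singles out ptlg.exe."""
    reasons = []
    path = svc["path"].lower()
    unknown = svc["owner"].strip().lower() == "unknown owner"
    if unknown:
        reasons.append("no publisher in the binary's version info")
    if unknown and SYSTEM32 in path:
        reasons.append("owner-less binary dropped straight into system32")
    created = created_index.get(path)
    if created is not None and timedelta(0) <= scan_time - created <= window:
        reasons.append(f"binary created {(scan_time - created).days} day(s) before the scan")
    return reasons


def triage(hjt_text, combofix_text, scan_time=SCAN_TIME):
    """Return the flagged services, most reasons first."""
    created_index = parse_combofix_created(combofix_text)
    findings = []
    for svc in parse_hjt_services(hjt_text):
        reasons = assess(svc, created_index, scan_time)
        if reasons:
            findings.append({**svc, "reasons": reasons})
    findings.sort(key=lambda f: -len(f["reasons"]))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_SAMPLE, COMBOFIX_SAMPLE):
        print(f"{f['name']}  ->  {f['path']}")
        for r in f["reasons"]:
            print("   -", r)
```

Run on the sample it lists ptlg first with three reasons (no owner, sits in system32, created three days before the scan) and the WinPcap rpcapd service with one; that second hit is the caveat: "Unknown owner" on its own is not enough to condemn a service, and a flagged binary should be hashed and kept before anything is removed.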

maura63
Posts: 6865
Joined: 09 Mar 2004, 20:42
Location: Cádiz, SPAIN

Post by maura63 » 14 Feb 2008, 11:30

Check via Windows Update whether you are missing any IE7 update.



Your log:

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

I think it should say (7.00.6000.[color=red][size=150]16608[/size][/color])



Regards


msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Post by msc hotline sat » 14 Feb 2008, 12:58

And send us this file for analysis:



C:\WINDOWS\system32\ptlg.exe



-> [b]To do so, remember[/b]: https://foros.zonavirus.com/viewtopic.php?f=2&t=45334



That way we can analyse it and cover it in the next versions of our utilities.



Regards



ms, 14-2-2008

TTdelarocha
Posts: 2
Joined: 14 Feb 2008, 10:16

Post by TTdelarocha » 14 Feb 2008, 18:43

Hello,

First of all, many thanks for your help.

I followed the steps indicated and removed the ptlg.exe entry from C:\system32. That seems to have fixed the problem.

Then I ran CCleaner and SUPERAntiSpyware in Safe Mode just in case, and they found nothing.

I have now been connected for a good while without any problems, so I suppose this is fixed.

I only regret not having read your last message sooner, the one asking me to send you the ptlg.exe file for examination, since I deleted it using the TuneUp shredder.

I apologise for that.

Thanks again.

Regards

Alfonso :oops:

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Post by msc hotline sat » 14 Feb 2008, 19:37

It was so we could analyse it and keep it under control in future, and so we could remove its keys and leftovers from the registry, but if you no longer have it, as long as you have no problems in that respect...



Just one thing for next time: if you are not told to delete the file, do not do it. We only told you to remove the key, not the file, which the utility would have removed along with everything else once we had analysed it and implemented it.



But nobody is born knowing everything... take it as experience.



And considering the topic solved, we proceed to close it.



Regards



ms, 14-2-2008
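The lesson msc draws above (the sample was shredded before it could be analysed), turned into code as an added example that is not from the original thread and not a zonavirus utility: copy the suspect binary into a quarantine folder under its SHA-256 with a non-executable extension, verify the copy, write a sidecar with the origin metadata an analyst needs, and only then delete the original. The vault layout, the .bin renaming and the sidecar fields are assumptions; the "ptlg.exe" the demo writes into a temporary directory is a constructed stand-in, not the real file from the thread.

```python
"""Preserve-then-remove: hash and archive a suspect binary before it is
deleted, so the sample can still be submitted for analysis afterwards.

Added example prompted by the exchange above; not a zonavirus utility.
The vault layout, the .bin renaming and the sidecar format are assumptions.
"""
import hashlib
import json
import os
import shutil
import tempfile
import time


def sha256_of(path, chunk=1 << 16):
    """Stream the file through SHA-256 so large binaries are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def quarantine(path, vault_dir):
    """Copy *path* into *vault_dir* as <sha256>.bin (a neutral extension so a
    stray double-click cannot run it), verify the copy, write a JSON sidecar
    with the origin metadata, and only then delete the original.
    Returns the sidecar record."""
    os.makedirs(vault_dir, exist_ok=True)
    digest = sha256_of(path)
    st = os.stat(path)
    stored_as = os.path.join(vault_dir, digest + ".bin")
    shutil.copy2(path, stored_as)            # copy2 preserves the timestamps
    if sha256_of(stored_as) != digest:       # never delete behind an unverified copy
        raise IOError("quarantine copy does not match the original")
    record = {
        "original_path": os.path.abspath(path),
        "sha256": digest,
        "size": st.st_size,
        "last_written_utc": time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(st.st_mtime)),
        "quarantined_utc": time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime()),
        "stored_as": stored_as,
    }
    with open(stored_as + ".json", "w", encoding="utf-8") as f:
        json.dump(record, f, indent=2)
    os.remove(path)
    return record


# Constructed stand-in for the suspect binary: a few bytes behind an MZ header,
# NOT the real ptlg.exe from the thread.
SAMPLE_BYTES = b"MZ\x90\x00" + b"constructed stand-in for a suspect service binary"


def demo():
    """Drop the stand-in into a temporary 'system32', quarantine it, and
    report the checks an operator would make afterwards."""
    root = tempfile.mkdtemp(prefix="quarantine-demo-")
    fake_system32 = os.path.join(root, "system32")
    os.makedirs(fake_system32)
    suspect = os.path.join(fake_system32, "ptlg.exe")
    with open(suspect, "wb") as f:
        f.write(SAMPLE_BYTES)
    record = quarantine(suspect, os.path.join(root, "vault"))
    return {
        "record": record,
        "original_removed": not os.path.exists(suspect),
        "copy_present": os.path.exists(record["stored_as"]),
        "sidecar_present": os.path.exists(record["stored_as"] + ".json"),
        "copy_hash_matches": sha256_of(record["stored_as"]) == record["sha256"],
        "expected_sha256": hashlib.sha256(SAMPLE_BYTES).hexdigest(),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The order matters: hash, copy, re-hash the copy, write the sidecar, and only then remove. A shredder does the last step first and leaves nothing for the analysts who asked for the file.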
